/**
 * Project Name:fire-industry-DM-center
 * File Name:UrlAccessDecisionManager.java
 * Package Name:com.firestone.config.security
 * Date:2018年3月28日下午1:31:42
 *
*/

package com.firestone.config.security;

import java.io.IOException;
import java.util.Collection;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.stereotype.Component;

import com.firestone.core.utils.HttpResponseUtil;
import com.firestone.service.user.impl.GrantedAuthorityImpl;

/**
 * @Description: TODO(URL访问决策管理)
 * @author CAIYJ
 * @date 2018年3月28日 下午1:31:42
 */
@Component
public class UrlAccessDecisionManager implements AccessDecisionManager {

    @Override
    public void decide(Authentication authentication, Object object,
            Collection<ConfigAttribute> configAttributes)
                    throws AccessDeniedException,
                    InsufficientAuthenticationException {
        HttpServletRequest request = ((FilterInvocation) object)
                .getHttpRequest();
        String url;
        if ("anonymousUser".equals(authentication.getPrincipal())
                || matchers("/images/**", request)
                || matchers("/js/**", request) || matchers("/css/**", request)
                || matchers("/fonts/**", request) || matchers("/", request)
                || matchers("/index.html", request)
                || matchers("/favicon.ico", request)
                || matchers("/login", request) || matchers("/druid/**", request)
                || matchers("/swagger-ui.html", request)
                || matchers("/swagger-resources/**", request)
                || matchers("/swagger-resources/configuration/**", request)
                || matchers("/**", request)) {
            return;
        } else {
            for (GrantedAuthority ga : authentication.getAuthorities()) {
                if (ga instanceof GrantedAuthorityImpl) {
                    GrantedAuthorityImpl grantedAuthorityImpl = (GrantedAuthorityImpl) ga;
                    url = grantedAuthorityImpl.getAuthority();
                    if (matchers(url, request)) {
                        return;
                    }
                }
            }
        }
        HttpServletResponse response = ((FilterInvocation) object)
                .getHttpResponse();
        try {
            HttpResponseUtil.noAuth(response);
        } catch (IOException e) {

        }
    }

    @Override
    public boolean supports(ConfigAttribute attribute) {

        // TODO Auto-generated method stub
        return true;
    }

    @Override
    public boolean supports(Class<?> clazz) {

        // TODO Auto-generated method stub
        return true;
    }

    private boolean matchers(String url, HttpServletRequest request) {
        AntPathRequestMatcher matcher = new AntPathRequestMatcher(url);
        if (matcher.matches(request)) {
            return true;
        }
        return false;
    }
}
